How severe is CVE-2021-28167?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2021-28167?

This is classified as CWE-909, which is a common weakness in software security.

CVE-2021-28167

MEDIUM Year: 2021

CVSS v3 Score

6.5

Medium

CVSS v2 Score

6.4

Medium

Weakness Type

CWE-909

View all →

Vulnerability Description

In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a user to observe uninitialized values.

CVE-2019-9247

MEDIUM

CVSS:6.5(Medium)

In AAC Codec, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. ...

CWE-9092019

CVE-2019-9313

MEDIUM

CVSS:6.5(Medium)

In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitat...

CWE-9092019

CVE-2019-9314

MEDIUM

CVSS:6.5(Medium)

In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Pro...

CWE-9092019

CVE-2019-9315

MEDIUM

CVSS:6.5(Medium)

In libhevc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Pr...

CWE-9092019